Self-Organized Distributed Anomaly Detection System in Computer Systems Based on The Principal Components Method
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F25840886%3A_____%2F22%3AN0000013" target="_blank" >RIV/25840886:_____/22:N0000013 - isvavai.cz</a>
Výsledek na webu
<a href="https://ceur-ws.org/Vol-3156/paper25.pdf" target="_blank" >https://ceur-ws.org/Vol-3156/paper25.pdf</a>
DOI - Digital Object Identifier
—
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
Self-Organized Distributed Anomaly Detection System in Computer Systems Based on The Principal Components Method
Popis výsledku v původním jazyce
In order to solve the scientific problem of improving the efficiency of anomaly detection in computer systems, the manifestations of which are due to the effects of malicious software and computer attacks, a method and distributed anomaly detection systems were developed based on synthesis of self-organization and centralization principles. The results are the basis for creating distributed systems to detect computer attacks and malware. Also, they can be used to create such a class of intrusion detection system as a honeynet. As a result, the peculiarities of anomaly manifestation in computer systems under the conditions of malicious software operation and computer attacks in local computer networks are studied and modern methods of anomaly detection, their features and methods of creation and architecture of distributed systems are analyzed. The architecture model of the distributed anomaly detection system in computer systems has been improved, which synthesizes the requirements of distribution, centralization and self-organization, to create distributed systems and their components, which will operate under the leadership of one center distributed between different components and decide independently. the presence of an anomaly. To ensure the integrity of the distributed system, a method was developed to maintain the integrity of the self-organized distributed system to detect anomalies in computer systems, based on which the system could change its architecture without user intervention, and determine strategies for further work. To detect computer attacks and malware, the method of centralized detection of distributed anomalies by the main components search algorithm has been improved to reduce the dimensionality from the moment of receiving and sending data to the decision center of the system. The results were implemented in the appropriate software, with which detection experiments were conducted, which showed improved reliability in the detection of computer attacks and malicious software.
Název v anglickém jazyce
Self-Organized Distributed Anomaly Detection System in Computer Systems Based on The Principal Components Method
Popis výsledku anglicky
In order to solve the scientific problem of improving the efficiency of anomaly detection in computer systems, the manifestations of which are due to the effects of malicious software and computer attacks, a method and distributed anomaly detection systems were developed based on synthesis of self-organization and centralization principles. The results are the basis for creating distributed systems to detect computer attacks and malware. Also, they can be used to create such a class of intrusion detection system as a honeynet. As a result, the peculiarities of anomaly manifestation in computer systems under the conditions of malicious software operation and computer attacks in local computer networks are studied and modern methods of anomaly detection, their features and methods of creation and architecture of distributed systems are analyzed. The architecture model of the distributed anomaly detection system in computer systems has been improved, which synthesizes the requirements of distribution, centralization and self-organization, to create distributed systems and their components, which will operate under the leadership of one center distributed between different components and decide independently. the presence of an anomaly. To ensure the integrity of the distributed system, a method was developed to maintain the integrity of the self-organized distributed system to detect anomalies in computer systems, based on which the system could change its architecture without user intervention, and determine strategies for further work. To detect computer attacks and malware, the method of centralized detection of distributed anomalies by the main components search algorithm has been improved to reduce the dimensionality from the moment of receiving and sending data to the decision center of the system. The results were implemented in the appropriate software, with which detection experiments were conducted, which showed improved reliability in the detection of computer attacks and malicious software.
Klasifikace
Druh
D - Stať ve sborníku
CEP obor
—
OECD FORD obor
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Návaznosti výsledku
Projekt
—
Návaznosti
N - Vyzkumna aktivita podporovana z neverejnych zdroju
Ostatní
Rok uplatnění
2022
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název statě ve sborníku
3rd International Workshop on Intelligent Information Technologies and Systems of Information Security, IntelITSIS 2022
ISBN
—
ISSN
16130073
e-ISSN
—
Počet stran výsledku
23
Strana od-do
329-351
Název nakladatele
CEUR-WS
Místo vydání
Khmelnytskyi
Místo konání akce
Khmelnytskyi
Datum konání akce
23. 3. 2022
Typ akce podle státní příslušnosti
EUR - Evropská akce
Kód UT WoS článku
—